What are "pam_unix(sshd:auth): check pass; user unknown" messages in system log?

Issue

When INFO level logging is enabled, in some scenarios when RADIUS/TACACS is used in combination with local login, pam_unix(sshd:auth): check pass; user unknown messages are seen in system logs

Solution

This is normal and expected behaviour on all RiOS releases. By default, SSH allows empty passwords for user logins. This means that every single user on SSH login is matched against local database with empty password. If user is found but password is set, system log will report authentication failure and user will be prompted for password. If user is not found localy because it exists in RADIUS or TACACS database, system log will report pam_unix(sshd:auth): check pass; user unknown and user will be again prompted for password and later checked against RADIUS/TACACS database.

Environment

All RiOS releases

NOTICE: Riverbed® product names have changed. Please refer to the Product List for a complete list of product names.